Irregular Expressions

Jul 26 2010   3:24PM GMT

CVE-2009-3555 Cisco update

Dan O'Connor

http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml

This is something I covered at the start of the year. I just noticed today that Cisco has updated their advisory for the vulnerability with patch information and additional products.

This was the issue that could allow a malicious user to use the renegotiation in SSL / TLS to perform a MIM / Man In The Middle attack on secure sessions.

I created somewhat of an explanation from a variety of sources; you can read it here: http://itknowledgeexchange.techtarget.com/Irregular-Expressions/ssl-tls-renegotiation/

It’s a pretty interesting attack; the RFC has excellent information about renegotiation and why the protocol has the ability to do it. Also, I think there is a payload in Metasploit to test it out; if there is not, I know it’s out there if you look.
